New IM Attacks Emerge In 2008
Unlike the simple viruses of years past, the IM threats in the last 12 months have evolved into multi-staged attacks that have the potential to cause significant harm to users' PCs, experts say. New IM worms identified last month include Cargar, Etest and YMWorm. Etset, Mytob and Sohana were the most common, each containing two variants.
In addition, attacks on peer-to-peer file sharing networks, such as Kazaa and eDonkey, increased 125 percent from November to December with a total of 27 attacks.
"(This kind of attack) doesn't seem to be a fad," said Don Montgomery, vice president of marketing at Akonix Systems, which uncovered the recent attacks. "IM is more popular. And IM is more popular at work. Hackers have a motivation to get into a corporate network, as opposed to when IM was mainly used by individuals at home."
Attackers will entice users to click on a link to a malicious URL with a socially engineered message that looks like it comes from a friend. The malicious site then downloads a Trojan or a worm onto the users' PC and propagates through the infected person's buddy list.
"Within minutes you have this massive pyramid," said Montgomery. "The simplicity of this is what makes the risk so great."
After the Trojan is downloaded, victims' PCs will then be stealthily incorporated into a botnet that will allow the attackers to hijack financial accounts. Montgomery said that researchers saw a trend of attacks in 2007 that specifically used IM as a vehicle for financially motivated criminal activities.
"That's very different than last year [2006]," he said. "Now, with more and more IM being used in corporations, a truly malicious hacker can gain access, and start looking at corporate data. That's what worries us in '08."
Montgomery said while IM threats are expected to rise slightly over the next year, there won't be a significant increase in the number of attacks from 2007 as companies adopt appropriate security measures to combat the problem.
"The plateau is here. Companies are finally starting to take action," he said. "(Attackers) will look for the next open door."